pwnii
@pwnwithlove
Followers: 3K | Following: 3K | Media: 43 | Statuses: 536
bug bounty lover, breaking stuff on @yeswehack & worldcuping 🇫🇷 at @Hacker0x01 || president of @esnhack, trying to keep hacking underground || CVE-2023-44352
ଘ(∩^o^)⊃━☆:・゚✧*:・゚✧✯♡❀
Joined November 2021
today with @Brumens2 we received a 50,000€ reward for discovering a bug in a public program !! don't be shy, go hunt in public programs too @yeswehack ʚ(。˃ ᵕ ˂ )ɞ
In the latest episode of #TalkiePwnii, @pwnwithlove kicks off a brand-new Android hacking series! 📱 Learn how to set up Genymotion, Android Studio and the essential tools to start hunting on mobile. Ready? 👇 #BugBountyTips #YesWeRHackers
https://t.co/2iQTDnyY0p
bug bounties bought me this view last month (*ᴗ͈ˬᴗ͈)ꕤ*.゚🇯🇵 started hunting bugs, ended up hunting the perfect ramen in Japan.. thanks @yeswehack
SSL pinning blocking your traffic? Medusa by @Ch0pin comes with ready Frida scripts for common bypasses, with many modules including ssl unpinning to test against pinned apps. Full setup guide 👉 https://t.co/A7EAPoKf3U
#BugBounty #BugBountyTips
yeswehack.com
Covering the pros and cons of emulators versus real devices, and how to configure Magisk, Burp, Frida, Medusa and other mobile hacking tools.
[INFO] The ESN'HACK association has changed its board for the 2025-2026 year. Soon, many things will change. All the information will be on https://t.co/zKMpgfraXn.
just dropped a new article about my current way of setting up an android bug bounty lab ヾ(˶ᵔ ᗜ ᵔ˶) it’s the setup I use myself, and I’ve found nice web bugs on android apps with nothing more than a rooted pixel, frida, and some traffic interception https://t.co/Fcg70n4r5V
In the latest #TalkiePwnii, @pwnwithlove takes on a Dojo challenge about predictable tokens & YAML deserialization in Python 🐍 From predictable tokens to achieving RCE via unsafe YAML load - watch the full exploit 👇 #BugBountyTips #YesWeRHackers
https://t.co/hRBY96bXRO
The whitepaper is live! Learn how to win the HTTP desync endgame... and why HTTP/1.1 needs to die:
http1mustdie.com
Upstream HTTP/1.1 is inherently insecure, and routinely exposes millions of websites to hostile takeover. Join the mission to kill HTTP/1.1 now
In the latest #TalkiePwnii, @pwnwithlove dives into Hex Color Palette, a Dojo challenge she created 🎨 From XXE exploitation to error-based file disclosure via parameter entities in lxml - learn how to use local DTD to exfiltrate sensitive files👇 https://t.co/0xaMlmiVoX
in lxml <= 5.3.2 with libxml2 2.12.x, XXE using parameter entities was possible due to libxml2 behavior - allowing indirect overrides of local DTDs. this worked even without resolve_entities, since libxml2 expanded parameter entities anyway :) it didn’t really make noise since
bugs.launchpad.net
lxml lib from 5.0.0 restricts XXE parsing and requires resolve_entities to disable the restriction Thus the xml below ``` ]> &xxe; ``` will not work without resolve_entities: ``` from lxml import...
What happens when a Dojo challenge collides with a library update? 🔍 The Hex Color Palette challenge used to rely on a specific XXE flow – until lxml changed the rules. Find out why our latest Dojo report includes two different payloads and reports that leak the same flag via
Want to get more out of @CaidoIO for your #BugBounty workflow? There might be a surprise in the video... 🎁 In Part 2 of our #TalkiePwnii Caido series, @pwnwithlove explores advanced features and plugins like QuickSSRF, AuthMatrix, YesWeCaido & more 👇 https://t.co/1fEvT4pMRo
Good writing here by @yeswehack. When I get nostalgic on recon, I often 'dig' into the past using some variation of what's mentioned in the article, though my approach is more manual than tools (by simply spending more time on wayback machine). https://t.co/Z3e1Ne8jtd
yeswehack.com
Learn and leverage the lessons of internet history: on the merits of archive-based recon plus some useful commands and tools for performing these techniques.
📱 Want to pwn Android apps from the inside? Let’s talk about Drozer, one of the most powerful tools for Android app security. It allows you to explore and interact with internal app components (like Activities, Services, Broadcast Receivers, and ContentProviders) to uncover
In the latest episode of #TalkiePwnii, @pwnwithlove analyses Ruby Treasure, a Dojo challenge by @Brumens2 💎 From regex bypass to RCE through https://t.co/hapWHurtzH in Ruby - see how weak validation can lead to code execution! 👇 #YesWeRHackers
https://t.co/IYRyrfU2W1
Know much about finding and exploiting path traversal or arbitrary file read vulnerabilities? 🤔 Learn practical attacks leveraging ../../ to bypass filters, hit internal APIs, and read sensitive files across systems 👇 https://t.co/yr0fec5Dff
yeswehack.com
Know much about exploiting path traversal or arbitrary file read vulnerabilities? Learn some practical attacks for unearthing high impact, lucrative vulnerabilities.
i've made some android challenges - feel free to check them out if you're into that kind of stuff! they’re pretty rare in most CTFs :p the last one is based on a real bug bounty I reported, and is linked to a real application I can control ;)
🚨 QUALIFIERS ARE NOW OPEN! Good luck to all the challengers, the CTF will close tomorrow at 8 P.M (Paris time). ➡️ Join the Insurrection right here:
Curious to find out how @CaidoIO could fit into your #BugBounty workflow? 🐞 In this special episode of #TalkiePwnii, @pwnwithlove shows Caido’s core features - from HTTP interception to workflow automation. Don't miss it 👇 #BugBountyTips #Caido
https://t.co/OvvgsYCHxN
OwnAppV2, Proxying and Reversing a Flutter apk | BreizhCTF WU - @pwnwithlove
https://t.co/VQ7SDgAb7P
pwnwithlove.com
Flutter detection When decompiling the apk with jadx, the MANIFEST.MF clearly shows the presence of libflutter.so, indicating that the application uses Flutter. When we run...